Non-repudiation process for credit approval and identity theft prevention

ABSTRACT

Embodiments are directed towards employing a non-repudiation process for consumer credit requests based on an affirmative authentication of a one-time-pin (“OTP”) generated from a consumer biometric smartcard. The biometric smartcard may authenticate biometric information (e.g. fingerprint, facial image, iris image, or the like) of the consumer based on biometric templates stored on the biometric smartcard. In at least some of the various embodiments, the OTP may be authenticated by an identity authority, such that an associated credit request to a provider may be authenticated. In some embodiments, the provider may request and utilize a credit report for an authentic credit request to determine whether or not the consumer has an acceptable credit rating. If the consumer has an acceptable credit rating, then the provider may provide credit to the consumer.

CROSS-REFERENCE TO RELATED APPLICATIONS

This Application claims the benefit under 35 U.S.C. §119(e) of U.S.Provisional Patent Application Ser. No. 61/444,617 filed on Feb. 18,2011, which is incorporated herein by reference.

TECHNICAL FIELD

The present invention relates generally to processing of credittransactions, and, more particularly, but not exclusively to enabling anon-repudiation process for approving credit for individuals andpreventing identity theft.

BACKGROUND

A consumer that wishes to apply for credit may assert his identity to aprovider of credit based services, such as a bank, retailer, utilitycompany, and the like. The consumer may apply for credit by completing acredit application (paper-based or otherwise—via phone, Internet, ATM,short message service (“SMS”) or other such useful medium). Along withother relevant information, the consumer typically provides anidentifier with which the provider can verify his identity. Theidentifier can uniquely identify the consumer such as social securitynumber. Also, the identifier can be a transaction number by which theprovider can verify the identity of the consumer within the context of abusiness relationship with the provider for its products and/orservices.

The credit application can be completed by the consumer in theprovider's presence or it can be completed at an outlet location orthrough some communication medium where the consumer is not inprovider's presence. In the latter case, the completed creditapplication may be later transported (via any secure or reliablemeans—electronically, physically or via mail) to the provider.Unfortunately, if the consumer's identity information that is used toapply for credit is stolen, substantial financial losses can result forthe consumer and the provider. However, if a consumer's identity waslinked to a unique identifier on a credit application form, consumeridentity theft could be reduced and a reliable non-repudiation processfor credit could be established.

BRIEF DESCRIPTION OF THE DRAWINGS

Non-limiting and non-exhaustive embodiments of the present invention aredescribed with reference to the following drawings. In the drawings,like reference numerals refer to like parts throughout the variousfigures unless otherwise specified.

For a better understanding of the present invention, reference will bemade to the following Detailed Description, which is to be read inassociation with the accompanying drawings, wherein:

FIG. 1 is a system diagram of an environment in which embodiments of theinvention may be implemented;

FIG. 2 shows an embodiment of a client device that may be included in asystem such as that shown in FIG. 1;

FIG. 3 shows an embodiment of a network device that may be included in asystem such as that shown in FIG. 1;

FIG. 4 shows an embodiment of a biometric smartcard that may be utilizedin a system such as that shown in FIG. 1;

FIG. 5 illustrates a logical flow diagram generally showing oneembodiment of an overview process for authenticating a credit requestfor a consumer;

FIG. 6 illustrates a logical flow diagram generally showing oneembodiment of a process for utilizing an identity authority and aone-time-pin generated from a consumer biometric smartcard toauthenticate a credit request from a consumer;

FIG. 7 shows one embodiment of a system for implementing a creditrequest authentication process such as that shown in FIG. 6;

FIG. 8 illustrates a logical flow diagram generally showing analternative embodiment of a process for utilizing an identity authorityand a one-time-pin generated from a consumer biometric smartcard toauthenticate a credit request for a consumer;

FIG. 9 shows one embodiment of a system for implementing a creditrequest authentication process such as that shown in FIG. 8;

FIG. 10 illustrates a logical flow diagram generally showing analternative embodiment of a process for utilizing an identity authorityand a one-time-pin generated from a consumer biometric smartcard toauthenticate a credit request for a consumer; and

FIG. 11 shows one embodiment of a system for implementing a creditrequest authentication process such as that shown in FIG. 10.

DETAILED DESCRIPTION

Throughout the specification and claims, the following terms take themeanings explicitly associated herein, unless the context clearlydictates otherwise. The phrase “in one embodiment” as used herein doesnot necessarily refer to the same embodiment, though it may.Furthermore, the phrase “in another embodiment” as used herein does notnecessarily refer to a different embodiment, although it may. Thus, asdescribed below, various embodiments of the invention may be readilycombined, without departing from the scope or spirit of the invention.

In addition, as used herein, the term “or” is an inclusive “or”operator, and is equivalent to the term “and/or,” unless the contextclearly dictates otherwise. The term “based on” is not exclusive andallows for being based on additional factors not described, unless thecontext clearly dictates otherwise. In addition, throughout thespecification, the meaning of “a,” “an,” and “the” include pluralreferences. The meaning of “in” includes “in” and “on.”

As used herein, the term “consumer” refers to any person who applies forcredit.

As used herein, the term “provider” refers to any entity, individual,partnership, company, business, or the like that may provide creditand/or a credit-based services and/or products to a consumer. Providersmay include, but are not limited to, banks, companies offering post-paidbilling services, utility companies, retailers, merchants, vendors,wholesalers, dealers, or the like.

The following briefly describes embodiments of the invention in order toprovide a basic understanding of some aspects of the invention. Thisbrief description is not intended as an extensive overview. It is notintended to identify key or critical elements, or to delineate orotherwise narrow the scope. Its purpose is merely to present someconcepts in a simplified form as a prelude to the more detaileddescription that is presented later.

Briefly stated, embodiments are directed towards a non-repudiationprocess for consumer credit requests based on an affirmativeauthentication of a one-time-pin (“OTP”) generated from a consumerbiometric smartcard. A consumer may be provided one or more biometricsmartcards and one or more unique identification numbers (“UIDNs”). Thebiometric smartcard may include one or more biometric templates ofbiometric information of the consumer. Such biometric information mayinclude, fingerprints, facial images, iris images, or the like, or anycombination thereof. When the consumer requests credit, the consumer mayutilize the biometric smartcard to generate an OTP. In some embodiments,the OTP may be generated when biometric information of the consumer isaffirmatively authenticated by the biometric smartcard. Biometricinformation of the consumer may be captured by the biometric smartcardwhen the consumer presses a finger on a touch sensor, takes a facialimage and/or an iris image using an image sensor, or the like, or anycombination thereof.

In some embodiments, a consumer may provide a credit request to aprovider. In one embodiment, the provider may request an OTP from theconsumer and provide it to an identity authority. In other embodiments,the identity authority may request the OTP from the consumer. Theidentity authority may provide the provider a provider verificationtransaction number (“PVTN”) when the OTP is authentic, indicating thatthe credit request is authentic.

In yet other embodiments, the consumer may provide an OTP to an identityauthority for authentication prior to providing a credit request to aprovider. When the OTP is authentic, the identity authority may providethe consumer a consumer verification transaction number (“CVTN”). Theconsumer may include the CVTN with a credit request to a provider. Theprovider may send the CVTN to the identity authority for authentication.The identity authority may provide the provider a PVTN when the CVTN isauthentic, indicating that the credit request is authentic.

In at least one embodiment, the provider may request a credit reportfrom a credit bureau for an authentic credit request. In otherembodiments, requesting a credit report from a credit bureau may beoptional and may not be performed. The provider may utilize a receivedcredit report to determine whether or not the consumer has an acceptablecredit rating. If the consumer has an acceptable credit rating, then theprovider may provide credit to the consumer; otherwise, the provider mayreject the credit request from the consumer. In some embodiments, aprovider may internally maintain credit reports and/or credit ratingsfor consumers separate from credit bureaus.

In at least one of the various embodiments, a process is provided toauthenticate a consumer for a financial service from a provider over anetwork. The provider receives a request for the financial service fromthe consumer that is assigned a biometric card and a uniqueidentification number (“UIDN”) that corresponds to the biometric card.The biometric card is employed to determine an authenticity of biometricinformation about the consumer that is captured by the biometric card.The provider provides at least the UIDN received from the consumer to anidentity authority that determines an authenticity of a one time pin(“OTP”). The OTP is generated by the biometric card based on at leastaffirmative authentication of biometric information about the consumer.Next, the identity authority authorizes the provider to provide theconsumer with access to the financial service based on the identityauthority's affirmative authentication of the OTP provided by theconsumer.

In at least one of the various embodiments, the consumer provides theOTP to the provider along with the UIDN and the request for financialservices. Also, in at least one of the various embodiments, the providerrequests and receives the OTP from the consumer after the providerreceives the request for financial services. Additionally, in at leastone of the embodiments, the third party entity requests and receives theOTP after the provider receives the request for financial services.

Moreover, in at least one of the embodiments, several actions occur,including: (1) employing the third party entity to receive the OTP fromthe consumer prior to the provider receiving the request; (2) employingthe third party entity to provide a consumer verification transactionnumber (“CVTN”) to the consumer based on an affirmative authenticationof the OTP; (3) employing the provider to receive the CVTN from theconsumer; (4) employing the provider to provide the CVTN to the thirdparty entity; and (5) employing the third party entity to authorize theprovider to provide the consumer with access to the financial servicebased on the third party entity's affirmative authentication of the CVTNprovided by the consumer.

In at least one of the various embodiments, the biometric informationabout the consumer includes at least one of a fingerprint, a facialimage, and an image of an iris in an eye of the consumer. Also, in atleast one of the various embodiments, the provider requests a creditreport about the consumer from a credit bureau based on at least one ofthe UIDN and a consumer verification transaction number (“CVTN”), and aprovider verification transaction number (“PVTN”). In other embodiments,the provider may not request a credit report about the consumer from acredit bureau. Additionally, in at least one of the various embodiments,the OTP is communicated to the identity authority by at least one of atelephone call, a fax, a physical letter, an electronic message, and awebsite.

Illustrative Operating Environment

FIG. 1 shows components of one embodiment of an environment in which theinvention may be practiced. Not all the components may be required topractice the invention, and variations in the arrangement and type ofthe components may be made without departing from the spirit or scope ofthe invention.

As shown, system 100 of FIG. 1 includes automated teller machine (“ATM”)device 102, client devices 103-105, telephone/fax device 106, network108, provider server device (“PSD”) 110, identity authority serverdevice (“IASD”) 112, credit bureau server device (“CBSD”) 114, andcredit registration server device (“CRSD”) 116. System 100 also includesbiometric smartcard 101. Network 108 is in communication with andenables communication between ATM device 102, client devices 103-105,PSD 110, IASD 112, CBSD 114, and CRSD 116. CRSD 116 is in communicationwith network 108 and telephone/fax device 106. In some embodiments,biometric smartcard 101 may be in communication with ATM device 102,client devices 103-105, and/or telephone/fax device 106.

One embodiment of biometric smartcard 101 is described in more detailbelow in conjunction with FIG. 4. Briefly, however, biometric smartcard101 may include virtually any device capable of capturing biometricinformation of a consumer and authenticating it with stored biometrictemplates. Such biometric information may include, but is not limitedto, fingerprints, handprints, palm prints, facial images, iris images,or the like. In some embodiments, biometric smartcard 101 may provideinformation, such as a one-time-pin (“OTP”), upon affirmativeauthentication of the consumer's biometric information. One example ofbiometric smartcard 101 that provides an OTP is disclosed in U.S. PatentApplication Publication No. US 2005/0044387 A1, which is incorporated byreference herein.

Information from biometric smartcard 101 may be communicated to clientdevices 103-105, ATM device 102, and/or telephone/fax device 106 in anumber of different methods. In some embodiments, a consumer may enterinformation from biometric smartcard 101 into ATM device 102, clientdevices 103-105, and/or telephone/fax device 106 by keypad, speechrecognition, or the like. In other embodiments, biometric smartcard 101may be connected to and/or part of client devices 103-105, ATM device102, and/or telephone/fax device 106. For example, in one embodiment,client device 103 may include biometric smartcard 101. In anotherembodiment, biometric smartcard 101 may communicate with client device103 through an input/output interface, such as, for example, but notlimited to, through a universal serial bus (“USB”) port.

Telephone/fax device 106 may include virtually any landline telephonedevice configured to send and receive sounds via a pair of wiresconnected to a telephone network (e.g. public switched telephone network(“PSTN”)). Telephone/fax device 106 may include virtually any facsimiledevice configured to scan printed material (e.g. drawings, photographs,or the like) and transmit the scanned data by radio or telephone forreproduction elsewhere. In some embodiments, telephone/fax device 106may include a landline telephone device, a facsimile device, and/or anycombination thereof.

ATM device 102 may include virtually any device configured to dispensecash and/or products upon verification of a consumer's identity. In someembodiments, ATM device 102 may employ provide credit to a consumer uponverification of the consumer's identity, such as by utilizing at leastone of the processes described below in conjunction with FIGS. 5, 6, 8,and/or 10. In one embodiment, at least some of the functions of PSD 110may be performed by ATM device 102.

One embodiment of client devices 103-105 is described in more detailbelow in conjunction with FIG. 2. In one embodiment, at least some ofclient devices 103-105 may operate over a wired and/or a wirelessnetwork, such as networks 108. Generally, client devices 103-105 mayinclude virtually any computing device capable of communicating over anetwork to send and receive information, including instant messages,performing various online activities, or the like. It should berecognized that more or less client devices may be included within asystem such as described herein, and embodiments are therefore notconstrained by the number or type of client devices employed.

Devices that may operate as client device 103 may include devices thattypically connect using a wired or wireless communications medium, suchas personal computers, servers, multiprocessor systems,microprocessor-based or programmable consumer electronics, network PCs,or the like. In some embodiments, client devices 103-105 may includevirtually any portable computing device capable of connecting to anothercomputing device and receiving information, such as smart phone 104,tablet computer 105, or the like. However, portable computer devices arenot so limited an may also include other portable devices, such aslaptop computers, cellular telephones, display pagers, radio frequency(“RF”) devices, infrared (“IR”) devices, Personal Digital Assistants(“PDAs”), handheld computers, wearable computers integrated devicescombining one or more of the preceding devices, and the like. As such,client devices 103-105 typically range widely in terms of capabilitiesand features. Moreover, client devices 103-105 may provide access tovarious computing applications, including a browser, or other web-basedapplications.

A web-enabled client device may include a browser application that isconfigured to receive and to send web pages, web-based messages, and thelike. The browser application may be configured to receive and displaygraphics, text, multimedia, and the like, employing virtually anyweb-based language, including a wireless application protocol messages(“WAP”), and the like. In one embodiment, the browser application isenabled to employ Handheld Device Markup Language (“HDML”), WirelessMarkup Language (“WML”), WMLScript, JavaScript, Standard GeneralizedMarkup Language (“SGML”), HyperText Markup Language (“HTML”), eXtensibleMarkup Language (“XML”), and the like, to display and send a message. Inone embodiment, a user of the client device may employ the browserapplication to perform various activities over a network (online).However, another application may also be used to perform various onlineactivities.

Client devices 103-105 also may include at least one other clientapplication that is configured to receive and/or send data betweenanother computing device. The client application may include acapability to provide send and/or receive content, or the like. Theclient application may further provide information that identifiesitself, including a type, capability, name, or the like. In oneembodiment, client device 103-105 may uniquely identify themselvesthrough any of a variety of mechanisms, including a phone number, MobileIdentification Number (“MIN”), an electronic serial number (“ESN”), orother mobile device identifier. The information may also indicate acontent format that the mobile device is enabled to employ. Suchinformation may be provided in a network packet, or the like, sentbetween other client devices, PSD 110, IASD 112, or other computingdevices.

Client devices 103-105 may further be configured to include a clientapplication that enables an end-user to log into an end-user accountthat may be managed by another computing device, such as PSD 110, IASD112, or the like. Such end-user account, in one non-limiting example,may be configured to enable the end-user to manage one or more onlineactivities, including in one non-limiting example, search activities,social networking activities, browse various websites, communicate withother users, participate in gaming, interact with various applications,or the like. However, participation in online activities may also beperformed without logging into the end-user account.

Network 108 is configured to couple network devices with other computingdevices, including, ATM device 102, PSD 110, IASD 112, CBSD 114, CRSD116, and client devices 103-105. Network 108 is enabled to employ anyform of computer readable media for communicating information from oneelectronic device to another. Also, network 108 can include the Internetin addition to LANs, WANs, direct connections, such as through a USBport, other forms of computer readable media, or any combinationthereof. On an interconnected set of LANs, including those based ondiffering architectures and protocols, a router acts as a link betweenLANs, enabling messages to be sent from one to another. In addition,communication links within LANs typically include twisted wire pair orcoaxial cable, while communication links between networks may utilizeanalog telephone lines, full or fractional dedicated digital linesincluding T1, T2, T3, and T4, and/or other carrier mechanisms including,for example, E-carriers, Integrated Services Digital Networks (“ISDNs”),Digital Subscriber Lines (“DSLs”), wireless links including satellitelinks, or other communications links known to those skilled in the art.Moreover, communication links may further employ any of a variety ofdigital signaling technologies, including without limit, for example,DS-0, DS-1, DS-2, DS-3, DS-4, OC-3, OC-12, OC-48, or the like.Furthermore, remote computers and other related electronic devices couldbe remotely connected to either LANs or WANs via a modem and temporarytelephone link. In one embodiment, network 108 may be configured totransport information of an Internet Protocol (“IP”). In essence,network 108 includes any communication method by which information maytravel between computing devices. In some other embodiments, network 108may support voice over Internet Protocol (“VOIP”) applications, planeold telephone service (“POTS”), or the like.

Additionally, communication media typically embodies computer readableinstructions, data structures, program modules, or other transportmechanism and includes any information delivery media. By way ofexample, communication media includes wired media such as twisted pair,coaxial cable, fiber optics, wave guides, and other wired media andwireless media such as acoustic, RF, infrared, and other wireless media.

In some embodiments, network 108 may also be configured to include awireless network. Such a wireless network may be configured to coupleclient devices 104-105 and its components with other networks and/orcomputing devices, such as PSD 110, IASD 112, or the like. The wirelessnetwork may include any of a variety of wireless sub-networks that mayfurther overlay stand-alone ad-hoc networks, and the like, to provide aninfrastructure-oriented connection for client devices 104-105. Suchsub-networks may include mesh networks, Wireless LAN (“WLAN”) networks,cellular networks, and the like. In one embodiment, the system mayinclude more than one wireless network.

Such a wireless network may further include an autonomous system ofterminals, gateways, routers, and the like connected by wireless radiolinks, and the like. These connectors may be configured to move freelyand randomly and organize themselves arbitrarily, such that the topologyof the wireless network may change rapidly.

Further, such a wireless network may further employ a plurality ofaccess technologies including 2nd (2G), 3rd (3G), 4th (4G) generationradio access for cellular systems, WLAN, Wireless Router (“WR”) mesh,and the like. Access technologies such as 2G, 3G, 4G and future accessnetworks may enable wide area coverage for mobile devices, such asclient devices 104-105 with various degrees of mobility. In onenon-limiting example, wireless network may enable a radio connectionthrough a radio network access such as Global System for Mobilcommunication (“GSM”), General Packet Radio Services (“GPRS”), EnhancedData GSM Environment (“EDGE”), Wideband Code Division Multiple Access(“WCDMA”), and the like. In essence, wireless network 107 may includevirtually any wireless communication mechanism by which information maytravel between client devices 103-105 and another computing device,network, and the like.

One embodiment of PSD 110 is described in more detail below inconjunction with FIG. 3. Briefly, however, PSD 110 may include virtuallyany network device that receives credit requests and provides credit toconsumers, such as a user of ATM device 102, client devices 103-105,telephone/fax device 106, or the like. In some embodiments, PSD 110 mayprovide the requested credit, if the consumer's identity isauthenticated, such as by IASD 112. In at least one of the variousembodiments, PSD 110 may communicate with CBSD 114 to receive a creditreport for a consumer whose identity has been authenticated. In oneembodiment, PSD 110 may provide CBSD 114 with information for creditreport updates, such as, but not limited to, approved credit requests,rejected credit requests, unauthentic credit requests, or the like.

In some embodiments, PSD 110 may request an OTP from a consumer for acredit request provided by the consumer. In some embodiments, PSD 110may utilize an automated process and telephone number provided by theconsumer to call the consumer for the OTP. In other embodiments, PSD 110may utilize other communication means (e.g. an SMS message, emailmessage, or the like) to request an OTP from the consumer. PSD 110 mayprovide a received OTP to an identity authority, such as IASD 112, forverification. In one embodiment, PSD 110 may receive a providerverification transaction number (“PVTN”) from IASD 112 when the receivedOTP is authentic.

In other embodiments, PSD 110 may receive a consumer verificationtransaction number (“CVTN) with a credit request from a consumer. In onesuch embodiment, the consumer may receive the CVTN from an identityauthority, such as IASD 112, which is described in more detail below.PSD 110 may provide the CVTN to IASD 112 for verification. In oneembodiment, PSD 110 may receive a PVTN from IASD 112 when the receivedCVTN is authentic.

In some other embodiments, PSD 110 may receive a credit request from aconsumer without an OTP and/or CVTN. In one such embodiment, PSD 110 maysend an identification verification request for the credit request toIASD 112. In one embodiment, PSD 110 may receive a PVTN from IASD 112when an OTP requested from the consumer by IASD 112 is authentic, whichis described in more detail below.

In another embodiment, PSD 110 may communicate with CRSD 116 to receiveconsumer information provided by telephone/fax device 106, such as, butnot limited to, credit requests, OTPs, CVTNs, or the like. In at leastone of the various embodiments, PSD 110 may also communicate (not shown)with telephone/fax device 106 directly to request an OTP from aconsumer.

Devices that may operate as PSD 110 include various network devices,including, but not limited to, personal computers, desktop computers,multiprocessor systems, microprocessor-based or programmable consumerelectronics, network PCs, server devices, network appliances, and thelike.

Although FIG. 1 illustrates PSD 110 as a single computing device, theinvention is not so limited. For example, one or more functions of PSD110 may be distributed across one or more distinct network devices.Moreover, PSD 110 is not limited to a particular configuration. Thus, inone embodiment, PSD 110 may contain a plurality of network devices thatoperate using a master/slave approach, where one of the plurality ofnetwork devices of PSD 110 operate to manage and/or otherwise coordinateoperations of the other network devices. In other embodiments, the PSD110 may operate as a plurality of network devices within a clusterarchitecture, a peer-to-peer architecture, and/or even within a cloudarchitecture. Thus, the invention is not to be construed as beinglimited to a single environment, and other configurations, andarchitectures are also envisaged. Furthermore, in some embodiments, eachof a plurality of providers may have a separate and/or combined PSD 110.

One embodiment of IASD 112 is described in more detail below inconjunction with FIG. 3. Briefly, however, IASD 112 may includevirtually any network device that verifies and/or authenticates aconsumer's identity, such as an identity of a user of ATM device 102,client devices 103-105, telephone/fax device 106, or the like. In atleast one of the various embodiments, IASD 112 may also communicate (notshown) with telephone/fax device 106 to receive and/or request an OTPfrom a consumer.

In some embodiments, IASD 112 may receive an identity verificationrequest of a consumer credit request for a provider, such as PSD 110. Inone embodiment, the identity verification request may include an OTP andUIDN provided by the consumer. IASD 112 may authenticate the receivedOTP based on the UIDN and the OTP. In at least some embodiments, IASD112 may provide PSD 110 with a verification response after the OTP isauthenticated. In one embodiment, the verification response may includea PVTN when the received OTP is authentic. In another embodiment, theverification response may indicate that the OTP authentication failed.

In other embodiments, IASD 112 may receive consumer verificationinformation from a consumer. In one embodiment, the consumerverification information may include an OTP, UIDN, registrationidentifier (“RID”) for a provider, and/or a product/service number(“PSN”), or the like. In at least one of the various embodiments, IASD112 may authenticate the received OTP based on the UIDN and the OTP.IASD 112 may provide a CVTN to the consumer when the received OTP isauthentic. In some embodiments, IASD 112 may receive an identifyverification request from a provider, such as PSD 110. In oneembodiment, the identify verification request may include a UIDN, CVTN,RID, and/or PSN. IASD 112 may authenticate the received CVTN based onthe UIDN and the CVTN. In at least some embodiments, IASD 112 mayprovide PSD 110 with a verification response after the CVTN isauthenticated. In one embodiment, the verification response may includea PVTN when the CVTN is authentic. In another embodiment, theverification response may indicate that the CVTN authentication failed.

In yet other embodiments, IASD 112 may receive an identify verificationinformation from a provider, such as PSD 110, for a consumer without anOTP and/or CVTN. In one such embodiment, IASD 112 may request an OTPfrom the consumer. In some embodiments, IASD 112 may utilize anautomated process and telephone number provided by the consumer to callthe consumer for the OTP. In other embodiments, IASD 112 may utilizeother communication means (e.g. an SMS message, email message, or thelike) to request an OTP from the consumer. IASD 112 may authenticate areceived OTP based on a UIDN for the consumer and the OTP. In at leastsome embodiments, IASD 112 may provide PSD 110 with a verificationresponse after the OTP is authenticated. In one embodiment, theverification response may include a PVTN when the received OTP isauthentic. In another embodiment, the verification response may indicatethat the OTP authentication failed.

Devices that may operate as IASD 112 include various network devices,including, but not limited to, personal computers, desktop computers,multiprocessor systems, microprocessor-based or programmable consumerelectronics, network PCs, server devices, network appliances, and thelike.

Although FIG. 1 illustrates IASD 112 as a single computing device, theinvention is not so limited. For example, one or more functions of IASD112 may be distributed across one or more distinct network devices.Moreover, IASD 112 is not limited to a particular configuration. Thus,in one embodiment, IASD 112 may contain a plurality of network devicesthat operate using a master/slave approach, where one of the pluralityof network devices of IASD 112 operate to manage and/or otherwisecoordinate operations of the other network devices. In otherembodiments, the IASD 112 may operate as a plurality of network deviceswithin a cluster architecture, a peer-to-peer architecture, and/or evenwithin a cloud architecture. Thus, the invention is not to be construedas being limited to a single environment, and other configurations, andarchitectures are also envisaged.

One embodiment of CBSD 114 is described in more detail below inconjunction with FIG. 3. Briefly, however, CBSD 114 may includevirtually any network device that manages credit reporting for consumersand/or providers. In some embodiments, CBSD 114 may receive creditreport requests from a provider, such as PSD 110. In one embodiment,CBSD 114 may utilize a received PVTN and/or UIDN to select and provide acredit report for the consumer to PSD 110. In other embodiments, CBSD114 may update credit reports based on credit approvals of a provider.In one embodiment, CBSD 114 may update credit reports based on failedconsumer authentication (i.e. failed OTP and/or CVTN authentication).

In some embodiments, at least some of the functions of CBSD 114 may beperformed by PSD 110 and/or IASD 112. For example, PSD 110 may maintainan internal credit reporting system separate from CBSD 114. In oneembodiment, PSD 110 may maintain credit reports for credit requestsunder a predetermined threshold (e.g. $100.00). In some embodiments, aninternal credit reporting system may be beneficial because it may beuneconomical to utilize an external credit bureau (e.g. CBSD 114) forsome purchases (e.g. purchases under a defined amount).

Devices that may operate as CBSD 114 include various network devices,including, but not limited to, personal computers, desktop computers,multiprocessor systems, microprocessor-based or programmable consumerelectronics, network PCs, server devices, network appliances, and thelike.

Although FIG. 1 illustrates CBSD 114 as a single computing device, theinvention is not so limited. For example, one or more functions of CBSD114 may be distributed across one or more distinct network devices.Moreover, CBSD 114 is not limited to a particular configuration. Thus,in one embodiment, CBSD 114 may contain a plurality of network devicesthat operate using a master/slave approach, where one of the pluralityof network devices of CBSD 114 operate to manage and/or otherwisecoordinate operations of the other network devices. In otherembodiments, the CBSD 114 may operate as a plurality of network deviceswithin a cluster architecture, a peer-to-peer architecture, and/or evenwithin a cloud architecture. Thus, the invention is not to be construedas being limited to a single environment, and other configurations, andarchitectures are also envisaged. Furthermore, in some embodiments, eachof a plurality of credit bureaus may have a separate and/or combinedCBSD 114.

One embodiment of CRSD 116 is described in more detail below inconjunction with FIG. 3. Briefly, however, CRSD 116 may includevirtually any network device that communicates with telephone/fax device106 to provide information to PSD 110 and/or IASD 112. In someembodiments, CRSD 116 may utilize an automated telephone service toreceive a credit request from a consumer. In other embodiments, CRSD 116may utilize an automated telephone service to request and/or receive anOTP, UIDN, or the like from a consumer using telephone/fax device 106.In some other embodiments, at least some of the functions of CRSD 116may be performed by PSD 110 and/or IASD 112.

Devices that may operate as CRSD 116 include various network devices,including, but not limited to, personal computers, desktop computers,multiprocessor systems, microprocessor-based or programmable consumerelectronics, network PCs, server devices, network appliances, and thelike.

Although FIG. 1 illustrates CRSD 116 as a single computing device, theinvention is not so limited. For example, one or more functions of CRSD116 may be distributed across one or more distinct network devices.Moreover, CRSD 116 is not limited to a particular configuration. Thus,in one embodiment, CRSD 116 may contain a plurality of network devicesthat operate using a master/slave approach, where one of the pluralityof network devices of CRSD 116 operate to manage and/or otherwisecoordinate operations of the other network devices. In otherembodiments, CRSD 116 may operate as a plurality of network deviceswithin a cluster architecture, a peer-to-peer architecture, and/or evenwithin a cloud architecture. Thus, the invention is not to be construedas being limited to a single environment, and other configurations, andarchitectures are also envisaged.

Illustrative Client Device

FIG. 2 shows one embodiment of client device 200 that may be included ina system implementing embodiments of the invention. Client device 200may include many more or less components than those shown in FIG. 2.However, the components shown are sufficient to disclose an illustrativeembodiment for practicing the present invention. Client device 200 mayrepresent, for example, one embodiment of at least one of client devices103-105 of FIG. 1.

As shown in the figure, client device 200 includes a processor 202 incommunication with memory 226 via a bus 234. In some embodiments,processor 202 may include one or more central processing units. Clientdevice 200 also includes a power supply 228, one or more networkinterfaces 236, an audio interface 238, a display 240, a keypad 242, anilluminator 244, a video interface 246, an input/output interface 248, ahaptic interface 250, a hard disk 252, a global positioning system(“GPS”) transceiver 232.

Power supply 228 provides power to client device 200. A rechargeable ornon-rechargeable battery may be used to provide power. The power mayalso be provided by an external power source, such as an alternatingcurrent (“AC”) adapter or a powered docking cradle that supplementsand/or recharges a battery.

Client device 200 may optionally communicate with a base station (notshown), or directly with another computing device. Network interface 236includes circuitry for coupling client device 200 to one or morenetworks, and is constructed for use with one or more communicationprotocols and technologies including, but not limited to, global systemfor mobile communication (“GSM”), code division multiple access(“CDMA”), time division multiple access (“TDMA”), user datagram protocol(“UDP”), transmission control protocol/Internet protocol (“TCP/IP”),SMS, general packet radio service (“GPRS”), WAP, ultra wide band(“UWB”), IEEE 802.16 Worldwide Interoperability for Microwave Access(“WiMax”), session initiated protocol/real-time transport protocol(“SIP/RTP”), or any of a variety of other wireless communicationprotocols. Network interface 236 is sometimes known as a transceiver,transceiving device, or network interface card (“NIC”).

Audio interface 238 is arranged to produce and receive audio signalssuch as the sound of a human voice. For example, audio interface 238 maybe coupled to a speaker and microphone (not shown) to enabletelecommunication with others and/or generate an audio acknowledgementfor some action.

Display 240 may be a liquid crystal display (“LCD”), gas plasma, lightemitting diode (“LED”), or any other type of display used with acomputing device. Display 240 may also include a touch sensitive screenarranged to receive input from an object such as a stylus or a digitfrom a human hand.

Keypad 242 may comprise any input device arranged to receive input froma user. For example, keypad 242 may include a push button numeric dial,or a keyboard. Keypad 242 may also include command buttons that areassociated with selecting and sending images.

Illuminator 244 may provide a status indication and/or provide light.Illuminator 244 may remain active for specific periods of time or inresponse to events. For example, when illuminator 244 is active, it maybacklight the buttons on keypad 242 and stay on while the client deviceis powered. Also, illuminator 244 may backlight these buttons in variouspatterns when particular actions are performed, such as dialing anotherclient device. Illuminator 244 may also cause light sources positionedwithin a transparent or translucent case of the client device toilluminate in response to actions.

Video interface 246 is arranged to capture video images, such as a stillphoto, a video segment, an infrared video, or the like. For example,video interface 246 may be coupled to a digital video camera, aweb-camera, or the like. Video interface 246 may comprise a lens, animage sensor, and other electronics. Image sensors may include acomplementary metal-oxide-semiconductor (“CMOS”) integrated circuit,charge-coupled device (“CCD”), or any other integrated circuit forsensing light.

Client device 200 also comprises input/output interface 248 forcommunicating with external devices, such as a headset, or other inputor output devices not shown in FIG. 2. Input/output interface 248 canutilize one or more communication technologies, such as USB, infrared,Bluetooth™, or the like. Haptic interface 250 is arranged to providetactile feedback to a user of the client device. For example, the hapticinterface 250 may be employed to vibrate client device 200 in aparticular way when another user of a computing device is calling.

Client device 200 may also include GPS transceiver 232 to determine thephysical coordinates of client device 200 on the surface of the Earth.GPS transceiver 232, in some embodiments, may be optional. GPStransceiver 232 typically outputs a location as latitude and longitudevalues. However, GPS transceiver 232 can also employ othergeo-positioning mechanisms, including, but not limited to,triangulation, assisted GPS (“AGPS”), Enhanced Observed Time Difference(“E-OTD”), Cell Identifier (“CI”), Service Area Identifier (“SAI”),Enhanced Timing Advance (“ETA”), Base Station Subsystem (“BSS”), or thelike, to further determine the physical location of client device 200 onthe surface of the Earth. It is understood that under differentconditions, GPS transceiver 232 can determine a physical location withinmillimeters for client device 200; and in other cases, the determinedphysical location may be less precise, such as within a meter orsignificantly greater distances. In one embodiment, however, mobiledevice 200 may through other components, provide other information thatmay be employed to determine a physical location of the device,including for example, a Media Access Control (“MAC”) address, IPaddress, or the like.

Memory 226 includes a Random Access Memory (“RAM”) 204, a Read-onlyMemory (“ROM”) 222, and other storage means. Memory 226 illustrates anexample of computer readable storage media (devices) for storage ofinformation such as computer readable instructions, data structures,program modules or other data. Memory 226 stores a basic input/outputsystem (“BIOS”) 224 for controlling low-level operation of client device200. The mass memory also stores an operating system 206 for controllingthe operation of client device 200. It will be appreciated that thiscomponent may include a general-purpose operating system such as aversion of UNIX, or LINUX™, or a specialized client communicationoperating system such as Windows Mobile™, or the Symbian® operatingsystem. The operating system may include, or interface with a Javavirtual machine module that enables control of hardware componentsand/or operating system operations via Java application programs.

Memory 226 further includes one or more data storage 208, which can beutilized by client device 200 to store, among other things, applications214 and/or other data. For example, data storage 208 may also beemployed to store information that describes various capabilities ofclient device 200. The information may then be provided to anotherdevice based on any of a variety of events, including being sent as partof a header during a communication, sent upon request, or the like. Datastorage 208 may also be employed to store social networking informationincluding address books, buddy lists, aliases, user profile information,or the like. Further, data storage 208 may also store messages, web pagecontent, or any of a variety of user generated content. In someembodiments, data storage 208 may store credit request information,credit report information, or the like. At least a portion of theinformation may also be stored on another component of client device200, including, but not limited to processor readable storage media 230,hard disk 252, or other computer readable storage medias (not shown)within client device 200.

Processor readable storage media 230 may include volatile, nonvolatile,removable, and non-removable media implemented in any method ortechnology for storage of information, such as computer- orprocessor-readable instructions, data structures, program modules, orother data. Examples of computer readable storage media include RAM,ROM, Electrically Erasable Programmable Read-only Memory (“EEPROM”),flash memory or other memory technology, Compact Disc Read-only Memory(“CD-ROM”), digital versatile disks (“DVD”) or other optical storage,magnetic cassettes, magnetic tape, magnetic disk storage or othermagnetic storage devices, or any other physical medium which can be usedto store the desired information and which can be accessed by acomputing device. Processor readable storage media 230 may also bereferred to as computer readable storage device.

Applications 214 may include computer executable instructions which,when executed by client device 200, transmit, receive, and/or otherwiseprocess network data. Network data may include, but is not limited to,messages (e.g. SMS, Multimedia Message Service (“MMS”), instant message(“IM”), email, and/or other messages), audio, video, and enabletelecommunication with another user of another client device.Applications 214 may include, for example, messaging application 216,browser application 218, or the like. Applications 214 may include otherapplications 220, which may include, but are not limited to, calendars,search programs, email clients, IM applications, SMS applications, voiceover Internet Protocol (“VOIP”) applications, contact managers, taskmanagers, transcoders, database programs, word processing programs,security applications, spreadsheet programs, games, search programs, andso forth.

Messaging application 216 may be configured to manage a messagingsession using any of a variety of messaging communications including,but not limited to email, SMS, IM, MMS, internet relay chat (“IRC”),Microsoft IRC (“mIRC”), Really Simple Syndication (“RSS”) feeds, and/orthe like. For example, in one embodiment, messenger 216 may beconfigured as an IM application, such as AOL (America Online) InstantMessenger, Yahoo! Messenger, .NET Messenger Server, ICQ (“I seek you”),or the like. In one embodiment, messaging application 216 may beconfigured to include a mail user agent (“MUA”) such as Elm, Pine,Message Handling (“MH”), Outlook, Eudora, Mac Mail, Mozilla Thunderbird,or the like. In another embodiment, messaging application 216 may be aclient application that is configured to integrate and employ a varietyof messaging protocols, including, but not limited to various pushand/or pull mechanisms for client device 200. In one embodiment,messaging application 216 may interact with browser application 218 formanaging messages. As used herein, the term “message” refers to any of avariety of messaging formats, or communications forms, including, butnot limited to, email, SMS, IM, MMS, IRC, or the like. In oneembodiment, messaging application 216 may enable a user of client device200 (i.e. a consumer) to communicate with another network device, suchas PSD 110, IASD 112, or the like. For example, messaging application216 may enable a consumer to provide information (e.g. OTP, UIDN, CVTNs,or the like) to a provider and/or an identity authority. In otherembodiments, messaging application 216 may enable a consumer to receiveOTP requests, CVTNs, or the like.

Browser application 218 may include virtually any application configuredto receive and display graphics, text, multimedia, and the like,employing virtually any web based language. In one embodiment, thebrowser application is enabled to employ HDML, WML, WMLScript,JavaScript, SGML, HTML, XML, and the like, to display and send amessage. However, any of a variety of other web-based programminglanguages may be employed. In one embodiment, browser application 218may enable a user of client device 200 to communicate with anothernetwork device, such as PSD 110, IASD 112, or the like. For example,browser application 218 may enable a consumer to provide information(e.g. OTP, UIDN, CVTNs, or the like) to a provider and/or an identityauthority.

Illustrative Network Device

FIG. 3 shows one embodiment of a network device 300, according to oneembodiment of the invention. Network device 300 may include many more orless components than those shown. The components shown, however, aresufficient to disclose an illustrative embodiment for practicing theinvention. Network device 300 may be configured to operate as a server,client, peer, a host, or any other device. Network device 300 mayrepresent, for example PSD 110, IASD 112, CBSD 114, and/or CRSD 116 ofFIG. 1, and/or other network devices.

Network device 300 includes processor 302, processor readable storagemedia 328, network interface unit 330, an input/output interface 332,hard disk drive 334, video display adapter 336, and memory 326, all incommunication with each other via bus 326. In some embodiments,processor 302 may include one or more central processing units.

As illustrated in FIG. 3, network device 300 also can communicate withthe Internet, or some other communications network, via networkinterface unit 330, which is constructed for use with variouscommunication protocols including the TCP/IP protocol. Network interfaceunit 330 is sometimes known as a transceiver, transceiving device, ornetwork interface card (“NIC”).

Network device 300 also comprises input/output interface 332 forcommunicating with external devices, such as a keyboard, or other inputor output devices not shown in FIG. 3. Input/output interface 332 canutilize one or more communication technologies, such as USB, infrared,Bluetooth™, or the like. In some embodiments, Network device 300 maycommunicate with biometric smartcard 400 through input/output interface332.

Memory 326 generally includes RAM 304, ROM 322 and one or more permanentmass storage devices, such as hard disk drive 334, tape drive, opticaldrive, and/or floppy disk drive. Memory 326 stores operating system 306for controlling the operation of network device 300. Any general-purposeoperating system may be employed. Basic input/output system (“BIOS”) 324is also provided for controlling the low-level operation of networkdevice 300.

Although illustrated separately, memory 326 may include processorreadable storage media 328. Processor readable storage media 328 may bereferred to and/or include computer readable media, computer readablestorage media, and/or processor readable storage device. Processorreadable storage media 328 may include volatile, nonvolatile, removable,and non-removable media implemented in any method or technology forstorage of information, such as computer readable instructions, datastructures, program modules, or other data. Examples of processorreadable storage media include RAM, ROM, EEPROM, flash memory or othermemory technology, CD-ROM, digital versatile disks (DVD) or otheroptical storage, magnetic cassettes, magnetic tape, magnetic diskstorage or other magnetic storage devices, or any other media which canbe used to store the desired information and which can be accessed by acomputing device.

Memory 326 further includes one or more data storage 308, which can beutilized by network device 300 to store, among other things,applications 314 and/or other data. For example, data storage 308 mayalso be employed to store information that describes variouscapabilities of network device 300. The information may then be providedto another device based on any of a variety of events, including beingsent as part of a header during a communication, sent upon request, orthe like. Data storage 308 may also be employed to store messages, webpage content, or the like. At least a portion of the information mayalso be stored on another component of network device 300, including,but not limited to processor readable storage media 328, hard disk drive334, or other computer readable storage medias (not shown) within clientdevice 200.

Data storage 308 may include a database, text, spreadsheet, folder,file, or the like, that may be configured to maintain and store useraccount identifiers, user profiles, email addresses, IM addresses,and/or other network addresses; or the like. Data stores 308 may furtherinclude program code, data, algorithms, and the like, for use by aprocessor, such as processor 302 to execute and perform actions. In oneembodiment, at least some of data store 308 might also be stored onanother component of network device 300, including, but not limited toprocessor-readable storage device 328, hard disk drive 334, or the like.

Data storage 308 may further store consumer data 310. Consumer data 310may include credit requests, credit records (e.g. approved creditrequests, rejected credit requests, credit payments, fees, or the like),consumer UIDNs, PVTNs for authentic credit requests, credit reports,CVTNs, RIDs, PSNs, or the like. Consumer data 310 may also includepersonal information for consumers, biometric smartcard information, orthe like.

Applications 314 may include computer executable instructions, which maybe loaded into mass memory and run on operating system 306. Examples ofapplication programs may include transcoders, schedulers, calendars,database programs, word processing programs, Hypertext Transfer Protocol(“HTTP”) programs, customizable user interface programs, IPSecapplications, encryption programs, security programs, SMS messageservers, IM message servers, email servers, account managers, and soforth. Messaging server 316, web server 318, and identity authorityserver (“IAS”) 320 may also be included as application programs withinapplications 314.

Messaging server 316 may include virtually any computing component orcomponents configured and arranged to forward messages from message useragents, and/or other message servers, or to deliver messages to a localmessage store, such as data storage 308, or the like. Thus, messagingserver 316 may include a message transfer manager to communicate amessage employing any of a variety of email protocols, including, butnot limited, to Simple Mail Transfer Protocol (“SMTP”), Post OfficeProtocol (“POP”), Internet Message Access Protocol (“IMAP”), Network NewTransfer Protocol (“NNTP”), or the like. Messaging server 316 may alsobe managed by one or more components of messaging server 316. Thus,messaging server 316 may also be configured to manage SMS messages, IM,MMS, IRC, RSS feeds, mIRC, or any of a variety of other message types.In one embodiment, messaging server 316 may enable users to initiateand/or otherwise conduct chat sessions, VOIP sessions, or the like. Insome embodiments, messaging server 316 may be configured to enable aconsumer (e.g. a user of client devices 103-105 of FIG. 1) to providecredit requests, identity verification information (e.g. OTP, UIDN,CVTN, RID, PSN, or the like) to a provider (e.g. PSD 110 of FIG. 1),identity authority (e.g. IASD 112 of FIG. 1), or the like.

Web server 316 represent any of a variety of services that areconfigured to provide content, including messages, over a network toanother computing device. Thus, web server 316 includes, for example, aweb server, a File Transfer Protocol (“FTP”) server, a database server,a content server, or the like. Web server 316 may provide the contentincluding messages over the network using any of a variety of formatsincluding, but not limited to WAP, HDML, WML, SGML, HTML, XML, CompactHTML (“cHTML”), Extensible HTML (“xHTML”), or the like. Web server 316may also be configured to enable a consumer (e.g. a user of clientdevices 103-105 of FIG. 1) to provide credit requests, identityverification information (e.g. OTP, UIDN, CVTN, RID, PSN, or the like)to a provider (e.g. PSD 110 of FIG. 1), identity authority (e.g. IASD112 of FIG. 1), or the like.

IAS 320 may be configured to perform credit request authenticationservices for a provider. In some embodiments, IAS 320 may receiveidentity verification requests from a provider and may respond with averification response. In one embodiment, IAS 320 may authenticate anOTP generated by a biometric smartcard of a consumer. In at least oneembodiment, IAS 320 can request an OTP from a consumer. In someembodiments, IAS 320 may generate and provide a consumer a CVTN when anOTP is authentic. In other embodiments, IAS 320 may generate and providea provider a PVTN when an OTP is authentic or when a CVTN received fromthe provider is authentic. In any event, IAS 320 may employ processes,or parts of processes, similar to those described elsewhere in theSpecification such as in conjunction with FIGS. 5, 6, 8, and 10 toperform at least some of its actions.

Illustrative Biometric Smartcard

FIG. 4 shows one embodiment of a biometric smartcard 400, according toone embodiment of the invention. Biometric smartcard 400 may includemany more or less components than those shown. The components shown,however, are sufficient to disclose an illustrative embodiment forpracticing the invention. Biometric smartcard 400 may represent, forexample, one embodiment of biometric smartcard 101 of FIG. 1.

As shown in the figure, biometric smartcard 400 includes a processor 402in communication with memory 428 via a bus 406. In some embodiments,processor 202 may include one or more central processing units.Biometric smartcard 400 also includes a power supply 408, a display 422,a touch sensor 424, and an image sensor 426.

Power supply 408 provides power to biometric smartcard 400. Arechargeable or non-rechargeable battery may be used to provide power.The power may also be provided by an external power source, such as analternating current (“AC”) adapter or a powered docking cradle thatsupplements and/or recharges a battery.

Display 422 may be a liquid crystal display (“LCD”), gas plasma, lightemitting diode (“LED”), digital ink display panel, or any other type ofdisplay used with a computing device. Display 422 may also include atouch sensitive screen arranged to receive input from an object such asa stylus or a digit from a human hand. Such a touch sensitive screenmay, in one embodiment, employ embodiments of touch sensor 424.

Touch sensor 424 may be configured to capture biometric information of aconsumer when the consumer swipes, presses, or otherwise touches a bodypart to touch sensor 424. Touch sensor 424 may be configured to capturea consumer's fingerprint, palm print, handprint, or the like. In oneembodiment, fingerprints from one or more fingers may be captured bytouch sensor 424. In other embodiments, touch sensor 424 may beconfigured to detect body temperature, a human pulse, or the like.

Image sensor 426 may be configured to capture biometric information of aconsumer using an image detection device. In one embodiment, imagesensor 426 may include a complementary metal-oxide-semiconductor(“CMOS”) integrated circuit, charge-coupled device (“CCD”), or any otherintegrated circuit for sensing light. Image sensor 426 may be configuredto capture an image of a consumer's face, iris, or the like. In someembodiments, image sensor 426 may capture still photos, video segments,or the like.

Memory 428 includes a Random Access Memory (“RAM”) 404, a Read-onlyMemory (“ROM”) 430, and other storage means. Memory 428 illustrates anexample of computer readable storage media (devices) for storage ofinformation such as computer readable instructions, data structures,program modules or other data.

ROM 430 may store unique identification number (“UIDN”) 412, consumerprofile information 414, identity authority information 416, andconsumer biometric template 418. UIDN 412 may include a unique numberassigned to a consumer of biometric smartcard 400. In one embodiment,UIDN may be assigned to the consumer by an identity authority. In someembodiments, UIDN 412 may uniquely correspond to consumer biometrictemplate 418.

Consumer biometric template 418 may include one or more biometrictemplates of biometric information of a consumer of biometric smartcard400. Consumer biometric template 418 may include one or more templatesof the consumer's fingerprints, palm prints, handprints, facial image,iris image or the like, or any combination thereof. Consumer biometrictemplate 418 may be utilized (e.g. by other applications 410) toauthenticate a fingerprint, facial image, iris image, or the likecaptured by touch sensor 424 and/or image sensor 426. Consumer biometrictemplate 418 may be encrypted and/or otherwise stored on biometricsmartcard 400 to obstruct external access to consumer biometric template418 (i.e. make it difficult for a person and/or externaldevice/application to hack and/or otherwise steal consumer biometrictemplate 418).

Consumer profile information 414 may include additional informationabout a consumer of biometric smartcard 400. Consumer profileinformation 414 may include, but is not limited to, the consumer's name,residence, citizenship, telephone number, fax number, other personalinformation, or the like, or any combination thereof.

Identity authority information 416 may include information about anidentity authority associated with the biometric smartcard. Identityauthority information 416 may include, but is not limited to, atelephone number, fax number, text-based mobile phone number (e.g.SMS-supported mobile phone number), a website uniform resource locator(“URL”), an email address, or the like.

Memory 418 may also store other applications 410. In some embodiments,other applications 410 may include an application for authenticatingbiometric information captured by touch sensor 424 and/or image sensor426. In one embodiment, such authenticating application may comparecaptured biometric information with consumer biometric template 418.When captured biometric information matches consumer biometric template418, an authenticating application may indicate that the capturedbiometric information is authentic.

Other applications 410 may also include an application for generating anOTP when the captured biometric information is authentic. In someembodiments, a generated OTP may be displayed to the consumer on display422. In at least one of the various embodiments, the OTP may have anexpiration time period, such that the OTP may become unauthentic and/orinvalid if an identity authority does not affirmatively authenticate theOTP before the expiration time period ends. Such an expiration timeperiod may be based at least in part on security requirements, such as,but not limited to, an amount of time needed for the OTP to be providedto and authenticated by an identity authority.

Processor readable storage media 420 may include volatile, nonvolatile,removable, and non-removable media implemented in any method ortechnology for storage of information, such as computer- orprocessor-readable instructions, data structures, program modules, orother data. Examples of computer readable storage media include RAM,ROM, Electrically Erasable Programmable Read-only Memory (“EEPROM”),flash memory or other memory technology, Compact Disc Read-only Memory(“CD-ROM”), digital versatile disks (“DVD”) or other optical storage,magnetic cassettes, magnetic tape, magnetic disk storage or othermagnetic storage devices, or any other physical medium which can be usedto store the desired information and which can be accessed by acomputing device. Processor readable storage media 420 may also bereferred to as computer readable storage device.

Biometric smartcard 400 may also comprises (not shown) an input/outputinterface for communicating with external devices, such as, for example,client devices 103-105 of FIG. 1. The input/output interface may utilizeone or more communication technologies, such as USB, infrared,Bluetooth™, or the like. In other embodiments, biometric smartcard 400may include (not shown) one or more networking interfaces. Such anetworking interface may enable biometric smartcard to communicate withan identity authority, such as IASD 112. Such communication may enablethe identity authority to authentic an OTP generated by biometricsmartcard 400.

General Operation

The operation of certain aspects of the invention will now be describedwith respect to FIGS. 5-11. FIG. 5 illustrates a logical flow diagramgenerally showing one embodiment of an overview process forauthenticating a credit request for consumer. In some embodiments,process 500 or portions of process 500 of FIG. 5 may be implemented byand/or executed on one or more network devices, such as network device300 of FIG. 3.

Process 500 begins, after a start block, at block 502, where a biometricsmartcard and UIDN may be provided to a consumer. In one embodiment, thebiometric smartcard may be an embodiment of biometric smartcard 400 ofFIG. 4. In at least one of the various embodiments, the UIDN may beunique to the consumer. In some embodiments, the UIDN may be unique tothe biometric smartcard. The UIDN may be, but is not limited to, asocial security number, a driver's license number, an employeeidentification number, account number, a consumer unique arbitrarynumber, or the like. In one embodiment, a consumer may receive one ormore UIDNs. In some embodiments, each of a plurality of UIDNs maycorrespond to a different biometric smartcard.

The biometric smartcard and UIDN may be provided to the consumer by anidentity authority. In some embodiments, a consumer may receive one ormore biometric smartcards and/or UIDNs from one or more identityauthorities. In one embodiment, the consumer may apply for the biometricsmartcard with an identity authority. To apply for the biometricsmartcard and/or UIDN, the consumer may, in one embodiment, providepersonal information, including biometric information to the identityauthority. Such biometric information may include, but is not limitedto, biometric templates of fingerprints, handprints, palm prints, facialimages, iris images, or the like, or any combination thereof. Thebiometric information may be utilized to create one or more biometrictemplates. The one or more biometric templates may be utilized toconfigure a biometric smartcard for the consumer. In one embodiment, thebiometric templates may be stored in the circuitry of the biometricsmartcard (e.g. in ROM). In some embodiments, the biometric templatesmay be encrypted, tamperproof, and/or otherwise secured within thebiometric smartcard.

In some embodiments, the biometric smartcard may also be configured withpersonal information of the consumer. Such personal information mayinclude, but is not limited to, the consumer's name, residence,citizenship, telephone number, fax number, place of work, and/or thelike. In other embodiments, the biometric smartcard may be furtherconfigured to store information about the identity authority, such as,for example, a telephone number, fax number, a text-based mobile phonenumber (e.g. SMS-supported mobile phone number), a website URL, an emailaddress, or the like.

Once configured, with at least one or more biometric templates, thebiometric smartcard may be provided to the consumer. In one embodiment,the consumer may pick up the biometric smartcard in person at theidentity authority. In another embodiment, the identity authority maysend the biometric smartcard to the consumer, such as by mail, courier,or the like.

In at least one of the various embodiments, each biometric smartcard mayinclude a unique serial number. The identity authority may store amapping between each biometric smartcard serial number and acorresponding consumer's UIDN. In some embodiments, the identityauthority may store consumer personal information, consumer UIDNs,biometric smartcard serial numbers, OTP generation algorithms for eachbiometric smartcard, or the like. In one embodiment, the identityauthority may also store biometric information of the consumer.

In any event, process 500 continues at block 504, where the consumerrequests credit from a provider. In at least one of the variousembodiments, the provider may be separate and/or distinct from theidentity authority. In some embodiments, credit may be requested online(e.g. through a provider's website), by telephone, by facsimile, bytext-based messages (e.g. SMS), by email, in person, by paper mail, atan ATM device, or the like. In some embodiments, the consumer may fillout a credit application to request credit.

In some embodiments, the credit request may include the consumer's UIDN,a CVTN provided by an identity authority, other consumer information,credit request amount, payment plan, provider information, productand/or service information, or the like. Consumer information mayinclude, for example, but is not limited to, telephone number, faxnumber, text-based mobile phone number, email address, home address,name, or the like. Payment plan information may include, for example,but is not limited to, frequency of payments, amount of payments, timeperiod for repayment, late fees, or the like. Provider information mayinclude, for example, but is not limited to, an RID, name, address,telephone number, fax number, website URL, email address, or the like.Product and/or service information may include, for example, but is notlimited to, one or more PSNs, a product/service name/description, or thelike, or the like.

Processing then flows to block 505, where an identity authorityauthenticates the consumer's credit request for the provider based oninformation provided by the consumer's biometric smartcard. In someembodiments, the identity authority may be a third party separate fromthe consumer and the provider. Various embodiments for authenticatingthe credit request are described in more detail below in conjunctionwith FIGS. 6, 8, and 10. In some embodiments, authenticating the creditrequests includes authenticating an identity of the consumer.

In at least one of the various embodiments, the biometric smartcard mayprovide information to the consumer when biometric information of theconsumer is affirmatively authenticated by the biometric smartcard. Inone embodiment, biometric information may be authentic when afingerprint of the consumer (e.g. when the consumer presses a finger ona touch sensor on the biometric smartcard) matches a fingerprinttemplate stored on the biometric smartcard. In other embodiments,biometric information may be authentic when a facial image and/or irisimage of the consumer matches a facial template and/or iris template,respectively, stored on the biometric smartcard. However, the inventionis not so limited, and other biometric information may be authenticated,such as, for example, but not limited to, a palm print, handprint, orthe like. In some embodiments, the biometric smartcard may provideinformation when a plurality of biometric information is affirmativelyauthenticated.

In some embodiments, the information provided by the biometric smartcardmay include, for example, but not limited to, identity authorityinformation, UIDN of the consumer, biometric smartcard serial number, orthe like.

In other embodiments, the information provided by the biometricsmartcard may be an OTP generated by the biometric smartcard. In someembodiments, the OTP may include an expiration time period for the OTPto be authenticated by the identity authority. Non-limiting,non-exhaustive examples of OTP expiration time periods may include, butare not limited to, 30 seconds, one minute, or the like. Thus, an OTPauthentication may fail if the OTP is not affirmatively authenticated bythe identity authority before the OTP expiration time period ends.

In some embodiments, the biometric smartcard and the identity authoritymay include a same OTP generation algorithm, such that both generate asame OTP within a same expiration time period. In such an embodiment,the identity authority may affirmatively authenticate an OTP generatedfrom a biometric smartcard by matching it to an OTP generated by theidentity authority utilizing the same OTP generation algorithm. Forexample, assume an OTP has a 3 minute expiration time period and boththe biometric smartcard and the identity authority may generate a sameOTP during the expiration time period. In such an example, if theidentity authority receives an OTP after the expiration time period forthe OTP, then the OTP generated by the identity authority may bedifferent than the received OTP, which may result in a failed OTPauthentication. In some embodiments, a received OTP that is differentthan an OTP generated by the identity authority may indicate that thereceived OTP is invalid either because the expiration time period mayhave ended and/or the received OTP may be unauthentic.

However, the invention is not so limited and other method may beemployed for authenticating an OTP. For example, in one embodiment, whenthe biometric smartcard generates an OTP, the biometric smartcard maytransmit a separate unique code to the identity authority. The identityauthority can then utilize the separate code to generate an identityauthority OTP (or other verification number) to compare with thebiometric smartcard OTP. In some other embodiments, the biometricsmartcard may notify the identity authority when an OTP is generated,which may start an expiration time period for that particular OTP.

In any event, process 500 continues at decision block 506, where adetermination may be made whether the credit request was authentic. Insome embodiments, the credit request may be authentic if an OTP receivedat the identity authority is authentic. In one embodiment, the receivedOTP may be authentic if it matches an OTP generated by the identityauthority.

In other embodiments, the credit request may be authentic if a CVTNreceived at the identity authority is authentic. In one embodiment, aconsumer may be provided a CVTN when an OTP is authentic. The CVTN maybe included with the credit request and authenticated at the identityauthority based on a comparison with the CVTN provided to the consumer.If the credit request is authentic, then processing flows to decisionblock 507; otherwise, processing flows to block 510.

At decision block 507, a determination may be made whether the consumerhas an acceptable credit rating. In one embodiment, the provider mayutilize a credit report for the consumer to determine if the consumerhas an acceptable credit rating. In one embodiment, the provider mayrequest a credit report from one or more credit bureaus, such as CBSD114 of FIG. 1. In another embodiment, the provider may internallymaintain credit reports and/or credit ratings for consumers. In at leastone of the various embodiments, the credit bureau may be separate and/ordistinct from the identity authority and/or the providers. In some otherembodiments, requesting a credit report and/or credit rating from acredit bureau may be optional and may not be performed.

In some embodiments, a consumer may have an acceptable credit rating ifthe consumer's credit rating is above a defined threshold. In oneembodiment, each good, service, credit amount, provider, or the like,may have a different threshold value for determining if the consumer'scredit rating is acceptable. For example, assume consumer credit ratingsmay be from 0-800 points. Buying a $5.00 item on credit, in thisexample, may have an acceptable credit rating threshold of 400 points,where buying a $500.00 item on credit may have an acceptable creditrating threshold of 525 points, and so on. However, this example is notto be considered exhaustive or limiting; rather, other credit ratings,ranges of credit ratings, credit rating threshold values, or the like,may be employed.

If the consumer has an acceptable credit rating, then processing flowsto block 508; otherwise, processing flows to block 510. At block 508,the provider may provide the requested credit to the consumer. In someembodiments, the provider may notify one or more credit bureaus that theprovider approved the consumer's credit request. In some otherembodiments, notifying the credit bureaus of approved consumer creditrequests may be optional and may not be performed. Processing thenreturns to a calling process to perform other actions.

If the consumer does not have an acceptable credit rating or if thecredit request is not authentic, then processing flows to block 510. Atblock 510, the credit request may be rejected by the provider. In oneembodiment, the provider may notify the consumer that the credit requestwas rejected. The provider may notify the consumer of the rejectedcredit by telephone, facsimile, text-based message (e.g. SMS, email, orthe like), paper mail, or the like. In one embodiment, the creditrequest rejection may indicate why the credit request was rejected (e.g.unauthentic credit request, unacceptable credit rating, or the like).

FIG. 6 illustrates a logical flow diagram generally showing oneembodiment of a process for utilizing an identity authority and aone-time-pin generated from a consumer biometric smartcard toauthenticate a credit request from a consumer. In some embodiments,process 600 or portions of process 600 of FIG. 6 may be implemented byand/or executed on one or more network devices, such as network device300 of FIG. 3

Process 600 begins, after a start block, at block 602, where a providerreceives a credit request and UIDN from a consumer. In one embodiment,the consumer may provide the credit request and UIDN by way of a creditapplication. In some embodiments, the consumer may submit the creditapplication to the provider through a website, at an ATM device, bypaper, in person, or the like. In at least one embodiment, block 602 mayemploy embodiments of block 504 of FIG. 5 for a consumer to provide acredit request to a provider.

Process 600 continues at block 604, where the provider requests an OTPgenerated from a biometric smartcard from the consumer. In oneembodiment, the biometric smartcard may generate the OTP when biometricinformation entered into the biometric smartcard is affirmativelyauthenticated. In one embodiment, a plurality of biometric informationmay be entered for authentication, such as, for example, but not limitedto, iris, facial, fingerprint, other biometric information, and/or anycombination thereof. In one non-limiting example, an affirmativeauthentication may occur when a consumer presses a finger on a touchsensor, such that a fingerprint captured by the touch sensor matches afingerprint template stored on the biometric smartcard.

The provider may request the OTP (and in some embodiments, theconsumer's UIDN) from the consumer by way of telephone, text-basedmessage (e.g. SMS, email, or the like), through an ATM device, inperson, by paper mail, or the like. Once generated, the consumer mayprovide the OTP to the provider. In some embodiments, the consumer mayprovide the OTP to the provider by telephone, by facsimile, bytext-based message (e.g. SMS, email, or the like), in person, throughthe provider's website, through an ATM device, by paper mail, or thelike. In at least one of the various embodiments, the OTP may beprovided to the provider through a secure means, such as, but notlimited to, through a secured internet connection, or the like.

Process 600 next proceeds to block 606, where the provider may providethe OTP and UIDN to an identity authority. In some embodiments, theidentity authority may be a third party separate from the consumer andthe provider. In at least one of the various embodiments, the OTP andUIDN may be provided to the identity authority in an identityverification request. In some embodiments, the provider may determinewhich identity authority to provide the OTP based on the credit request.For example, in one embodiment, a consumer may enter identity authorityinformation on a credit request application. In some embodiments, suchidentity authority information may be obtained from the biometricsmartcard. In one embodiment, the identity authority information may bestored on the biometric smartcard and may be accessible when an OTP isgenerated. In other embodiments, the identity authority information maybe visibly printed on the biometric smartcard. In at least one of thevarious embodiments, the provider may provide the OTP and/or the UIDN tothe identity authority through a secure means, such as, but not limitedto, through a secured internet connection, or the like.

Process 600 then flows to decision block 608, where a determination ismade whether the OTP is authentic. In some embodiments, the identityauthority may generate an OTP to compare with the OTP received from theprovider. In one embodiment, the identity authority may generate an OTPby a same algorithm used by the consumer's biometric smartcard. Inanother embodiment, the identity authority may receive a separate uniquecode from the biometric smartcard, which may be utilized to generate anOTP. In one such embodiment, the biometric smartcard may transmit theseparate unique code to the identity authority when the biometricsmartcard generates an OTP. In one embodiment, an OTP received from theprovider may be authentic if it matches an OTP generated by the identityauthority.

In at least one of the various embodiments, the OTP may not be authenticif an expiration time period of the OTP has ended. In one embodiment, anOTP may be valid for a predetermined period of time (i.e. expirationtime period). If the OTP is not authenticated before the expiration timeperiod ends, then the OTP may be determined to be unauthentic. If theOTP is authentic, then processing flows to block 610; otherwise,processing flows to block 612.

At block 610, the identity authority may provide a PVTN to the providerfor the credit request. In one embodiment, the PVTN may be a uniquenumber for the credit request. The PVTN may be utilized to prevent theconsumer from later disputing the credit request and/or approved credit.

Process 600 then flows to block 614, where the provider requests acredit report for the consumer from a credit bureau. In someembodiments, the provider may request the consumer's credit report basedon the UIDN. In other embodiments, the provider may resolve the UIDNinto another identifier recognized by the credit bureau, such as, forexample, the consumer's name and date of birth, social security number,credit bureau identification number, and/or the like. In some otherembodiments, the provider may utilize the UIDN and PVTN to request theconsumer's credit report. In some embodiments, requesting the creditreport from a credit bureau may be optional and may not be performed. Inone embodiment, the provider may internally maintain credit reportsand/or credit ratings of consumers separate from credit bureaus.

The credit report may include a plurality of information about a credithistory of the consumer. In one embodiment, the credit report mayidentify other approved and/or rejected credit requests. In anotherembodiment, the credit report may include an overall credit rating forthe consumer. However, the invention is not so limited and the creditreport may include other information about the consumer's credithistory. In at least one embodiment, the provider may utilize the creditreport to approve the credit request by determining if the consumer hasan acceptable credit rating.

Continuing to decision block 616, a determination may be made whetherthe consumer has an acceptable credit rating. In one embodiment,decision block 616 may employ embodiments of decision block 507 of FIG.5 to determine if the consumer has an acceptable credit rating. If theconsumer has an acceptable credit rating, then processing flows to block618; otherwise, processing flows to block 612.

At block 612, the requested credit may be rejected. In one embodiment,block 612 may employ embodiments of block 510 of FIG. 5 to reject thecredit request. In some embodiments, the provider may provide a creditreport update identifying the rejected credit request. In at least oneof the various embodiments, the credit report update may include theUIDN and/or the PVTN. In one embodiment, the credit report update mayindicate that the credit request was not authentic. In anotherembodiment, the credit report update may indicate that the consumer didnot have an acceptable credit rating. In yet other embodiments, thecredit report update may include other information as to why the creditrequest was rejected.

In some embodiments, the credit report update may be provided to one ormore credit bureaus. In one embodiment, the credit bureau may storeunauthentic credit requests (e.g. unauthentic OTPs) to help identifyidentity theft. For example, if a threshold number of unauthentic OTPsare provided to a provider for a consumer's UIDN, then the UIDN may bedetermined to be stolen. In other embodiments, the credit report updatemay be maintained by the provider. In some other embodiments, providingthe credit report update to credit bureaus may be optional and may notbe performed.

Processing then returns to a calling process to perform other actions.

If the consumer has an acceptable credit rating, then processing flowsto block 618. At block 618, the provider may provide credit to theconsumer. In at least one of the various embodiments, block 618 mayemploy embodiments of block 508 of FIG. 5 to provide credit to theconsumer.

Process 600 next proceeds at block 620, where the provider may providean update to the credit report for the consumer based on the approvedcredit. In some embodiments, the credit report update may be provided toone or more credit bureaus. In other embodiments, the credit reportupdate may be maintained by the provider, separate from a credit bureau.In at least one of the various embodiments, the credit report update mayinclude the UIDN and/or the PVTN. In some embodiments, the credit reportupdate may indicate that the credit request was approved. In oneembodiment, the credit report update may identity an amount of creditprovided to the consumer. In some other embodiments, providing thecredit report update to credit bureaus may be optional and may not beperformed

Processing then returns to a calling process to perform other actions.

FIG. 7 shows one embodiment of a system for implementing a creditrequest authentication process such as that shown in FIG. 6. System 700may include consumer 702, provider 704, identity authority 706, andcredit bureau 708. Consumer 702 may be a user of client devices 103-105,ATM device 102, or telephone/fax device 106 of FIG. 1. Provider 704 maybe an embodiment of PSD 110 of FIG. 1. Identity authority 706 may be anembodiment of IASD 112 of FIG. 1. Credit bureau 708 may be an embodimentof CBSD 114 of FIG. 1. In some embodiments, credit bureau 708 may beoptional and may not be utilized.

First, consumer 702 may provide a credit request to provider 704. Thecredit request may include a UIDN of consumer 702.

Second, provider 704 may request an OTP from consumer 702.

Third, consumer 702 may obtain an OTP generated from a biometricsmartcard, such as biometric smartcard 200 of FIG. 2, and provide it toprovider 704.

Fourth, provider 704 may send an identity verification request toidentity authority 706 for the credit request. The identity verificationrequest may include the OTP and UIDN received from consumer 702.

Fifth, identity authority 706 may authenticate the OTP and provide averification response to provider 704. If the OTP is authentic, then theverification response may include a PVTN for the credit request. If theOTP is not authentic, then the verification response may indicate thatcredit request authentication for consumer 702 failed.

Sixth, provider 704 may utilize the UIDN or other resolved identifierunderstood by credit bureau 708 to request a credit report from creditbureau 708 for consumer 702. In one embodiment, provider 704 may utilizethe PVTN to request a credit report from credit bureau 708 for consumer702. In some embodiments, requesting a credit report from credit bureau708 may be optional and may not be performed.

Seventh, credit bureau 708 may provide a credit report for consumer 702to provider 704.

Eighth, provider 704 may provide credit to consumer 702 if the creditreport shows consumer 702 has an acceptable credit rating. If consumer702 has an unacceptable credit rating, then provider 704 may provide acredit request rejection to consumer 702.

Ninth, provider 704 may provide a credit report update for consumer 702to credit bureau 708. The credit report update may indicate whether thecredit request was approved or rejected by provider 704.

FIG. 8 illustrates a logical flow diagram generally showing oneembodiment of a process for utilizing an identity authority and aone-time-pin generated from a consumer biometric smartcard toauthenticate a credit request from a consumer. In some embodiments,process 800 or portions of process 800 of FIG. 8 may be implemented byand/or executed on one or more network devices, such as network device300 of FIG. 3

Process 800 begins, after a start block, at block 602, where theconsumer provides an OTP authentication request to an identityauthority. In some embodiments, the identity authority may be a thirdparty separate from the consumer and a provider. The OTP authenticationrequest may include, but is not limited to, a UIDN for the consumer, anRID for a provider, and an OTP generated from a biometric smartcard ofthe consumer, or the like. In some embodiments, the OTP authenticationrequest may include a PSN for a product and/or service which may utilizecredit to purchase. In some embodiments, the consumer may request OTPauthentication from the identity authority by telephone, facsimile,text-based message (e.g. SMS, email, or the like), paper mail, throughan ATM device, or the like. In one embodiment, the OTP request may beprovided to the identity authority through a secure means, such as, butnot limited to, through a secured internet connection, or the like.

Process 800 continues at decision block 804, where a determination maybe made whether the OTP is authentic. In one embodiment, decision block804 may employ embodiments of decision block 608 of FIG. 6 to determinewhether the OTP is authentic. If the OTP is authentic, then processingflows to block 808; otherwise, processing flows to block 806.

At block 806, the consumer may be notified that the OTP is invalid (i.e.unauthentic). In one embodiment, the identity authority may provide atext-based message (e.g. SMS, email, or the like), automated telephonemessage, paper mail, or the like, to the consumer indicating that theOTP was invalid. In some embodiments, the identity authority may providea credit report update to a credit bureau with the consumer's UIDN toindicate that an invalid OTP was received. In one embodiment, a numberof invalid OTPs above a predetermined threshold may indicate that theconsumer's UIDN may have been stolen or otherwise used without theconsumer authorization. Processing may loop to block 802 to receiveanother OTP from the consumer.

If the OTP is authentic, then process 800 flows to block 808. At block808, the identity authority may provide a CVTN to the consumer. In oneembodiment, the CVTN may be unique to the OTP and/or a credit request.In some embodiments, the identity authority may provide the CVTN to theconsumer by text-based message (e.g. SMS, email, or the like), automatedtelephone message, paper mail, ATM device, or the like.

Process 800 proceeds to block 810, where the consumer provides a creditrequest to a provider. In one embodiment, the credit request may includea UIDN for the consumer and the CVTN from the identity authority. In atleast one of the various embodiments, block 810 may employ embodimentsof block 602 of FIG. 6 to request credit from a consumer.

Continuing at block 812, the provider provides the UIDN and the CVTN tothe identity authority. In some embodiments, the provider may alsoprovide an RID for the provider to the identity authority. In at leastone of the various embodiments, the UIDN, RID, and/or CVTN may beprovided to the identity authority as an identity verification request.In some embodiments, the identity verification request may include a PSNfrom the credit request. In one embodiment, the PSN may identify aproduct and/or service for which the requested credit may be applied. Inat least one of the various embodiments, block 812 may employembodiments of block 606 of FIG. 6 to provide an identity verificationrequest to the identity authority.

Process 800 then flows to decision block 814, where a determination ismade whether the CVTN is authentic. In one embodiment, the identityauthority may compare the CVTN received from the provider with the CVTNgenerated and provided to the consumer (at block 808). In oneembodiment, such a comparison may be performed by mapping the receivedUIDN to a CVTN provided to the consumer. In some embodiments, if thereceived CVTN matches the CVTN provided to the consumer, then the CVTNmay be authentic. If the CVTN is authentic, then processing flows toblock 818; otherwise, processing flows to block 816.

At block 818, the identity authority may provide a PVTN to the providerfor the credit request. In at least one of the various embodiments,block 818 may employ embodiments of block 610 of FIG. 6 to provide aPVTN to the provider.

Process 800 continues at block 822, where the provider may request acredit report for credit request approval from a credit bureau. In someembodiments, the provider may request the consumer's credit report basedon the UIDN. In other embodiments, the provider may resolve the UIDNinto another identifier recognized by the credit bureau, such as, forexample, the consumer's name and date of birth, social security number,credit bureau identification number, and/or the like. In some otherembodiments, the credit report request may be based on the UIDN, CVTN,and/or PVTN. In some embodiments, requesting the credit report from acredit bureau may be optional and may not be performed. In at least oneof the various embodiments, block 822 may employ embodiments of block614 of FIG. 6 to request a credit report from a credit bureau.

In any event, process 800 proceeds to decision block 822, where adetermination may be made whether the consumer has an acceptable creditrating. In at least one of the various embodiments, decision block 822may employ embodiments of decision block 616 of FIG. 6 to determinewhether the consumer has an acceptable credit rating.

If the consumer does not have an acceptable credit rating, thenprocessing flows to block 816. At block 816, the credit request may berejected. In at least one of the various embodiments, block 816 mayemploy embodiments of block 612 of FIG. 6 to reject the credit request.

If the consumer has an acceptable credit rating, then processing flowsto block 824, where the provider provides credit to the consumer. Insome embodiments, block 824 may employ embodiments of block 618 of FIG.8 to provide credit to the consumer.

Process 800 next proceeds to block 826, where the provider provides anupdate to the credit report for the consumer based on the creditapproval. In at least one of the various embodiments, block 822 mayemploy embodiments of block 620 of FIG. 6 to update a credit report forthe consumer.

Process 800 then returns to a calling process to perform other actions.

FIG. 9 shows one embodiment of a system for implementing a creditrequest authentication process such as that shown in FIG. 8. System 900may include consumer 902, provider 904, identity authority 906, andcredit bureau 908. Consumer 902 may be a user of client devices 103-105,ATM device 102, or telephone/fax device 106 of FIG. 1. Provider 904 maybe an embodiment of PSD 110 of FIG. 1. Identity authority 906 may be anembodiment of IASD 112 of FIG. 1. Credit bureau 908 may be an embodimentof CBSD 114 of FIG. 1. In some embodiments, credit bureau 908 may beoptional and may not be utilized.

First, consumer 902 may obtain an OTP generated from a biometricsmartcard, such as biometric smartcard 200 of FIG. 2, and provide italong with an RID and UIDN of consumer 902 to identity authority 906 forauthentication.

Second, identity authority 906 may provide a CVTN to consumer 902 whenthe OTP is authentic. If the OTP is not authentic, then identityauthority 906 may notify consumer 902 that the OTP authentication forconsumer 902 failed.

Third, consumer 902 may provide a credit request to provider 904. Thecredit request may include a UIDN of consumer 702 and the CVTN receivedfrom identity authority 906.

Fourth, provider 904 may send an identity verification request toidentity authority 906 for the credit request. The identity verificationrequest may include the CVTN, RID, and UIDN received from consumer 902.

Fifth, identity authority 906 may authenticate the CVTN and provide averification response to provider 904. If the CVTN is authentic, thenthe verification response may include a PVTN for the credit request. Ifthe CVTN is not authentic, then the verification response may indicatethat the credit request authentication for consumer 902 failed.

Sixth, provider 904 may utilize the UIDN or other resolved identifierunderstood by credit bureau 908 to request a credit report from creditbureau 908 for consumer 902. In one embodiment, provider 904 may utilizethe CVTN and/or the PVTN to request a credit report from credit bureau908 for consumer 902. In some embodiments, requesting a credit reportfrom credit bureau 908 may be optional and may not be performed.

Seventh, credit bureau 908 may provide a credit report for consumer 902to provider 904.

Eighth, provider 904 may provide credit to consumer 902 if the creditreport shows consumer 902 has an acceptable credit rating. If consumer902 has an unacceptable credit rating, then provider 904 may provide acredit request rejection to consumer 902.

Ninth, provider 904 may provide a credit report update for consumer 902to credit bureau 908. The credit report update may indicate whether thecredit request was approved or rejected by provider 904.

FIG. 10 illustrates a logical flow diagram generally showing oneembodiment of a process for utilizing an identity authority and aone-time-pin generated from a consumer biometric smartcard toauthenticate a credit request from a consumer. In some embodiments,process 1000 or portions of process 1000 of FIG. 10 may be implementedby and/or executed on one or more network devices, such as networkdevice 300 of FIG. 3

Process 1000 begins, after a start block, at block 1002, where aprovider may receive a credit request and UIDN from a consumer. In atleast one of the various embodiments, block 1002 may employ embodimentsof block 602 of FIG. 6 for receiving a credit request from a consumer.

Process 1000 continues at block 1004, where an identity authorityreceives the UIDN from the provider. In some embodiments, the identityauthority may be a third party separate from the consumer and theprovider. In some embodiments, the UIDN may be provided to the identityauthority as an identity verification request. In at least one of thevarious embodiments, the identity verification request may be providedto the identity authority through a secure means, such as, but notlimited to, a secure internet connection, or the like.

Proceeding to block 1006, the identity authority may requests an OTPgenerated from a biometric smartcard for the consumer. In someembodiments, block 1006 may employ embodiments of block 604 of FIG. 6for requesting an OTP from a consumer. In such embodiments, the OTP maybe requested from the consumer by the identity authority, rather than bythe provider, as described by process 600 of FIG. 6.

Process 1000 next continues at decision block 1008, where adetermination may be made whether an OTP received from the consumer isauthentic. In one embodiment, decision block 1004 may employ embodimentsof decision block 608 of FIG. 6 to determine whether the OTP isauthentic. If the OTP is authentic, then processing flows to block 1012;otherwise, processing flows to block 1010.

At block 1012, the identity authority may provide a PVTN to the providerfor the credit request. In at least one of the various embodiments,block 1012 may employ embodiments of block 610 of FIG. 6 to provide aPVTN to the provider.

Processing then flows to block 1014, where the provider may request acredit report for the consumer from a credit bureau. In someembodiments, the provider may request the consumer's credit report basedon the UIDN. In other embodiments, the provider may resolve the UIDNinto another identifier recognized by the credit bureau, such as, forexample, the consumer's name and date of birth, social security number,credit bureau identification number, and/or the like. In some otherembodiments, the provider may utilize the UIDN and PVTN to request theconsumer's credit report. In some embodiments, requesting a creditreport from the credit bureau may be optional and may not be performed.In one embodiment, the provider may internally maintain credit reportsand/or credit ratings of consumers. In at least one of the variousembodiments, block 1014 may employ embodiments of block 614 of FIG. 6 torequest a credit report for the credit request.

Process 1000 next proceeds to decision block 1016, where a determinationmay be made whether the consumer has an acceptable credit rating. Insome embodiments, decision block 1016 may employ embodiments of decisionblock 616 of FIG. 6 to determine whether the consumer has an acceptablecredit rating.

If the consumer does not have an acceptable credit rating, thenprocessing flows to block 1010. At block 1010, the credit request may berejected. In at least one of the various embodiments, block 1010 mayemploy embodiments of block 612 of FIG. 6 to reject the credit request.Processing then returns to a calling process to perform other actions.

If the consumer has an acceptable credit rating, then processing flowsto block 1018, where the provider provides credit to the consumer. Insome embodiments, block 1018 may employ embodiments of block 618 of FIG.8 to provide credit to the consumer.

Process 1000 next proceeds to block 1020, where the provider provides anupdate to the credit report for the consumer based on the creditapproval. In at least one of the various embodiments, block 1020 mayemploy embodiments of block 620 of FIG. 6 to update a credit report forthe consumer.

Process 800 then returns to a calling process to perform other actions.

FIG. 11 shows one embodiment of a system for implementing a creditrequest authentication process such as that shown in FIG. 10.

System 1100 may include consumer 1102, provider 1104, identity authority1106, and credit bureau 1108. Consumer 1102 may be a user of clientdevices 103-105, ATM device 102, or telephone/fax device 106 of FIG. 1.Provider 114 may be an embodiment of PSD 110 of FIG. 1. Identityauthority 1106 may be an embodiment of IASD 112 of FIG. 1. Credit bureau1108 may be an embodiment of CBSD 114 of FIG. 1. In some embodiments,credit bureau 1108 may be optional and may not be utilized.

First, consumer 1102 may provide a credit request to provider 1104. Thecredit request may include a UIDN of consumer 1102.

Second, provider 1104 may send an identity verification request toidentity authority 1106 for the credit request. The identityverification request may include the UIDN received from consumer 1102.

Third, identity authority 1106 may request an OTP from consumer 1102.

Fourth, consumer 1102 may obtain an OTP generated from a biometricsmartcard, such as biometric smartcard 200 of FIG. 2, and provide it toidentity authority 1106 for authentication.

Fifth, identity authority 1106 may authenticate the OTP and provide averification response to provider 1104. If the OTP is authentic, thenthe verification response may include a PVTN for the credit request. Ifthe OTP is not authentic, then the verification response may indicatethat credit request authentication for consumer 1102 failed.

Sixth, provider 1104 may utilize the UIDN or other resolved identifierunderstood by credit bureau 1108 to request a credit report from creditbureau 1108 for consumer 1102. In one embodiment, provider 1104 mayutilize the PVTN to request a credit report from credit bureau 1108 forconsumer 1102. In some embodiments, requesting a credit report fromcredit bureau 1108 may be optional and may not be performed.

Seventh, credit bureau 1108 may provide a credit report for consumer1102 to provider 1104.

Eighth, provider 1104 may provide credit to consumer 1102 if the creditreport shows consumer 1102 has an acceptable credit rating. If consumer1102 has an unacceptable credit rating, then provider 1104 may provide acredit request rejection to consumer 1102.

Ninth, provider 1104 may provide a credit report update for consumer1102 to credit bureau 1108. The credit report update may indicatewhether the credit request was approved or rejected by provider 1104.

It will be understood that each block of the flowchart illustration, andcombinations of blocks in the flowchart illustration, can be implementedby computer program instructions. These program instructions may beprovided to a processor to produce a machine, such that theinstructions, which execute on the processor, create means forimplementing the actions specified in the flowchart block or blocks. Thecomputer program instructions may be executed by a processor to cause aseries of operational steps to be performed by the processor to producea computer-implemented process such that the instructions, which executeon the processor to provide steps for implementing the actions specifiedin the flowchart block or blocks. The computer program instructions mayalso cause at least some of the operational steps shown in the blocks ofthe flowchart to be performed in parallel. Moreover, some of the stepsmay also be performed across more than one processor, such as mightarise in a multi-processor computer system. In addition, one or moreblocks or combinations of blocks in the flowchart illustration may alsobe performed concurrently with other blocks or combinations of blocks,or even in a different sequence than illustrated without departing fromthe scope or spirit of the invention.

Accordingly, blocks of the flowchart illustration support combinationsof means for performing the specified actions, combinations of steps forperforming the specified actions and program instruction means forperforming the specified actions. It will also be understood that eachblock of the flowchart illustration, and combinations of blocks in theflowchart illustration, can be implemented by special purposehardware-based systems, which perform the specified actions or steps, orcombinations of special purpose hardware and computer instructions.

The above specification, examples, and data provide a completedescription of the manufacture and use of the composition of theinvention. Since many embodiments of the invention can be made withoutdeparting from the spirit and scope of the invention, the inventionresides in the claims hereinafter appended.

1. A method for authenticating a consumer for a financial service from aprovider over a network, comprising: employing the provider to receive arequest for the financial service from the consumer that is assigned abiometric card and a unique identification number (“UIDN”) thatcorresponds to the biometric card; employing the biometric card todetermine an authenticity of biometric information about the consumerthat is captured by the biometric card; employing the provider toprovide at least the UIDN received from the consumer to an identityauthority that determines an authenticity of a one time pin (“OTP”),wherein the OTP is generated by the biometric card based on at leastaffirmative authentication of biometric information about the consumer;and employing the identity authority to authorize the provider toprovide the consumer with access to the financial service based on theidentity authority's affirmative authentication of the OTP provided bythe consumer.
 2. The method of claim 1, further comprising enabling theconsumer to provide the OTP to the provider along with the UIDN and therequest for financial services.
 3. The method of claim 1, furthercomprising employing the provider to request and receive the OTP fromthe consumer after the provider receives the request for financialservices.
 4. The method of claim 1, further comprising employing thethird party entity to request and receive the OTP after the providerreceives the request for financial services.
 5. The method of claim 1,further comprising: employing the third party entity to receive the OTPfrom the consumer prior to the provider receiving the request; employingthe third party entity to provide a consumer verification transactionnumber (“CVTN”) to the consumer based on an affirmative authenticationof the OTP; employing the provider to receive the CVTN from theconsumer; employing the provider to provide the CVTN to the third partyentity; and employing the third party entity to authorize the providerto provide the consumer with access to the financial service based onthe third party entity's affirmative authentication of the CVTN providedby the consumer.
 6. The method of claim 1, wherein the biometricinformation about the consumer includes at least one of a fingerprint, afacial image, and an image of an iris in an eye of the consumer.
 7. Themethod of claim 1, wherein the provider requests a credit report aboutthe consumer from a credit bureau based on at least one of the UIDN anda consumer verification transaction number (“CVTN”), and a providerverification transaction number (“PVTN”).
 8. The method of claim 1,wherein the OTP is communicated to the identity authority by at leastone of a telephone call, a fax, a physical letter, an electronicmessage, and a website.
 9. A system for authenticating a consumer for afinancial service from a provider device over a network, comprising: abiometric card that is provided to the consumer and is operative tocapture and determine an authenticity of biometric information about theconsumer; and a network device, including: a memory for storinginstructions; and a processor that executes the instructions to enableactions, comprising: receiving a request at the provider for thefinancial service from the consumer that is assigned a biometric cardand a unique identification number (“UIDN”) that corresponds to thebiometric card; employing the provider to provide at least the UIDNreceived from the consumer to an identity authority that determines anauthenticity of a one time pin (“OTP”), wherein the OTP is generated bythe biometric card based on at least affirmative authentication ofbiometric information about the consumer; and employing the identityauthority to authorize the provider to provide the consumer with accessto the financial service based on the identity authority's affirmativeauthentication of the OTP provided by the consumer.
 10. The system ofclaim 9, wherein the actions further comprise enabling the consumer toprovide the OTP to the provider along with the UIDN and the request forfinancial services.
 11. The system of claim 9, wherein the actionsfurther comprise employing the provider to request and receive the OTPfrom the consumer after the provider receives the request for financialservices.
 12. The system of claim 9, wherein the actions furthercomprise employing the third party entity to request and receive the OTPafter the provider receives the request for financial services.
 13. Thesystem of claim 9, wherein the actions further comprise: employing thethird party entity to receive the OTP from the consumer prior to theprovider receiving the request; employing the third party entity toprovide a consumer verification transaction number (“CVTN”) to theconsumer based on an affirmative authentication of the OTP; employingthe provider to receive the CVTN from the consumer; employing theprovider to provide the CVTN to the third party entity; and employingthe third party entity to authorize the provider to provide the consumerwith access to the financial service based on the third party entity'saffirmative authentication of the CVTN provided by the consumer.
 14. Thesystem of claim 9, wherein the biometric information about the consumerincludes at least one of a fingerprint, a facial image, and an image ofan iris in an eye of the consumer.
 15. The system of claim 9, whereinthe provider requests a credit report about the consumer from a creditbureau based on at least one of the UIDN and a consumer verificationtransaction number (“CVTN”), and a provider verification transactionnumber (“PVTN”).
 16. The system of claim 9, wherein the OTP iscommunicated to the identity authority by at least one of a telephonecall, a fax, a physical letter, an electronic message, and a website.17. A processor readable non-transitory storage media that includesinstructions for authenticating a consumer for a financial service froma provider over a network, wherein the execution of the instructions bya processor enables actions, comprising: employing the provider toreceive a request for the financial service from the consumer that isassigned a biometric card and a unique identification number (“UIDN”)that corresponds to the biometric card; employing the biometric card todetermine an authenticity of biometric information about the consumerthat is captured by the biometric card; employing the provider toprovide at least the UIDN received from the consumer to an identityauthority that determines an authenticity of a one time pin (“OTP”),wherein the OTP is generated by the biometric card based on at leastaffirmative authentication of biometric information about the consumer;and employing the identity authority to authorize the provider toprovide the consumer with access to the financial service based on theidentity authority's affirmative authentication of the OTP provided bythe consumer.
 18. The media of claim 17, further comprising enabling theconsumer to provide the OTP to the provider along with the UIDN and therequest for financial services.
 19. The media of claim 17, furthercomprising employing the provider to request and receive the OTP fromthe consumer after the provider receives the request for financialservices.
 20. The media of claim 17, further comprising employing thethird party entity to request and receive the OTP after the providerreceives the request for financial services.
 21. The media of claim 17,further comprising: employing the third party entity to receive the OTPfrom the consumer prior to the provider receiving the request; employingthe third party entity to provide a consumer verification transactionnumber (“CVTN”) to the consumer based on an affirmative authenticationof the OTP; employing the provider to receive the CVTN from theconsumer; employing the provider to provide the CVTN to the third partyentity; and employing the third party entity to authorize the providerto provide the consumer with access to the financial service based onthe third party entity's affirmative authentication of the CVTN providedby the consumer.